Number of U.S. Data Breach Incidents Hits new High in 2017

By CUToday.info02.12.2018

The number of U.S. data breach incidents tracked in 2017 hit a new record high of 1,579 breaches, according to the 2017 Data Breach Year-End Review released by the Identity Theft Resource Center (ITRC) and CyberScout.

The review indicates a drastic upturn of 44.7% increase over the record-high figures reported for 2016, ITRC stated.

“We’ve seen the number of identified breaches increase as a result of industries moving toward more transparency,” said Eva Velasquez, president and CEO of ITRC. “We want to encourage businesses and government entities to continue to provide timely reports to their respective attorneys general so consumers can be better informed on what are the immediate and long-term impacts to their personal information by any given data breach.”

Of the five industry sectors that the ITRC tracks, the business category again topped the ITRC’s Data Breach List for the third year in a row with 55% of the overall total number of breaches (870).

This marks the eighth time since 2005 that the number of breaches for this sector has surpassed all other industries, ITRC stated. The medical/healthcare industry followed in second place with 23.7% of the overall total number of breaches (374). The banking/credit/financial sector rounds out the top three with 8.5% of the overall total (134). This is only the second time since 2005 that the banking/credit/financial sector has ranked in the top three industry categories. The remaining two sectors, educational and government/military, represented 8% and 4.7% respectively.

“Year after year we continue to use the Annual Data Breach Year-End Review as a tool to further glean trends about the state of data breaches, or to confirm what we already know about them,” said Matt Cullina, CEO of CyberScout. “With the business sector being strongly impacted, now more than ever it’s important for organizations of all sizes to not only be prepared for a data breach, but to also be taking proactive steps to plan for the inevitability.”

Hacking continues to rank highest in the type of attack, at 59.4% of the breaches, an increase of 3.2% over 2016 figures.

Of the 940 breaches attributed to hacking, 21.4% involved phishing and 12.4% involved ransomware/malware. Unauthorized access, which was newly added as a method of attack in 2016, represented nearly 11% of the overall total of breaches for a 3.4% increase over 2016 figures. Unauthorized access is defined as breaches which involve some kind of access to the data but the publicly available breach notification letters do not explicitly include the term hacking.

Hacking incidents had significant impact on the business sector this year, with nearly 40% of the breached businesses identifying this type of attack as the cause for the breach. On the other end of the spectrum, the government/military sector was far less impacted with only 1.3% of the total breach occurrences being attributed to hacking, the report stated.

Nearly 20% of breaches included credit and debit card information, a nearly 6% increase from last year. The actual number of records included in these breaches grew by a dramatic 88% over the figures we reported in 2016. Despite efforts from all stakeholders to lessen the value of compromised credit/debit credentials, this information continues to be attractive and lucrative to thieves and hackers, ITRC stated.

Reprinted with permission from CUToday.info, a leading source of news and resources for credit union decision-makers